M&S cyberattack: Customers warned of post-incident scam risk

Iconic British shop chain admits personal data has been stolen, sparking fears of an imminent wave of fraud.

A view of an M&S branch in Woking (Image: Marks and Spencer)

Marks & Spencer has admitted that hackers accessed customer data during a cyberattack that has stopped it from making online sales for more than three weeks.

In a statement, chief executive Stuart Machin confirmed that personal information was stolen during the incident and said that customers would be asked to change their passwords the next time they log in.

He said: "We have written to customers today to let them know that unfortunately, some personal customer information has been taken.

“Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”

"We are really sorry that we've not been able to offer you the service you expect from M&S over the last week."

Simply an M&S cyberattack

The news sparked warnings that criminals could use the data in a scam wave targeting shoppers.

Lisa Barber, Tech Editor at the consumer bible Which?, said: "While it's reassuring that card and account details don't appear to have been taken in the M&S cyber incident, it's concerning that criminals have gained access to information that could be used for identity fraud.

"It's always a good idea to change your password as soon as possible if there's been a security breach and to ensure your new password is unique from any other online accounts. 

"M&S customers should also be on the lookout for scammers using the data breach as an opportunity to contact them impersonating legitimate organisations. You should treat any contact out of the blue with suspicion and be especially wary of anyone who asks you to verify account details or payment information.

"If you are in any doubt about whether a call, email or message is genuine, don't give any personal details and contact the company directly to check if it's really them."

Panic on the High Street

The M&S incident was one of a trio of attacks on iconic British High Street brands, with Harrods and the Co-op also separately targeted.

Dr Darren Williams, CEO and Founder of BlackFog, said: "In most cases, the ultimate aim for attackers is to obtain data. Whilst the retailer has reported that no payment information was compromised, the fact that contact information has been stolen means that customers should be alert to any suspicious messages, calls or emails that claim to be from M&S.

"It’s a further sign of the escalating risk that all businesses face in this era of cyber attacks, in which data is their most prized target." 
